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Amendments to the Claims: 

This listing of claims will replace all prior versions, and listings, of claims in the application: 

1. (Original) A method for controlling subscriber access in a network capable of establishing 
connections with a plurality of domains, comprising: 

receiving a communication from a subscriber using a first communication network coupled 
to at least one other communication network, said communication optionally including a 
domain identifier associated with a domain on said at least one other communication 
network; 

determining whether said subscriber is authorized to access said domain based upon said 
domain identifier and a list of authorized domains for a virtual circuit used to receive 
said communication; 

authorizing subscriber access to said domain when said domain identifier is included in said 
list. 

2. (Original) The method of claim 1, further comprising terminating said communication when 
said domain identifier is not included in said list. 

3. (Original) The method of claim 1 wherein said communication comprises a Point-to-Point 
Protocol (PPP) session. 
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4. (Original) The method of claim 3 wherein > 
said PPP session comprises a tunneling session; 

said determining further comprises assigning a tunnel ED; and 
said PPP session is forwarded onto a tunnel associated with said tunnel ID when said 
subscriber is authorized to access said domain. 

5. (Original) The method of claim 4 wherein said tunneling session comprises an L2TP 
session. 

6. (Original) The method of claim 5 wherein said determining further comprises: 
issuing an authorized domain list request including a virtual circuit identifier; 
receiving an authorized domain list that includes authorized domains for said identifier; 
indicating said domain is unauthorized when said domain name is not in said domain list; 
indicating said domain is authorized when said domain name is in said domain list; 
issuing a tunnel ID request including said domain name when said domain name is 

authorized; and 
receiving a tunnel ID. 

7. (Original) The method of claim 6 wherein 

said authorized domain list request is serviced by an AAA server; and 
an AAA server services said tunnel ID request. 
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8. (Original) The method of claim 6 wherein said virtual circuit identifier comprises a 
VPI/VCI identifier. 

9. (Original) The method of claim 5 wherein said determining further comprises: 

issuing a tunnel ID request including said domain name and a virtual circuit identifier; and 
receiving a tunnel ID. 

10. (Original) The method of claim 9 wherein an AAA server services said tunnel ID request. 

1 1 . (Original) The method of claim 9 wherein said virtual circuit identifier comprises a 
VPI/VCI identifier. 

12. (Original) The method of claim 5 wherein said determining further comprises: 
performing a table lookup based on a virtual circuit identifier to obtain an authorized domain 

list that includes authorized domains far said virtual circuit identifier; 
indicating said domain is unauthorized when said domain name is not in said authorized 
domain list; 

indicating said domain is authorized when said domain name is in said authorized domain 
list; and 

performing a table lookup based on said domain name to obtain a tunnel ED when said 
domain name is authorized. 
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13. (Original) The method of claim 12 wherein said virtual circuit identifier comprises a 
VPI/VCI identifier. 

14. (Original) A program storage device readable by a machine, embodying a program of 
instructions executable by the machine to perform a method to control subscriber access in a 
network capable of establishing connections with a plurality of domains, the method 
comprising: 

receiving a communication from a subscriber using a first communication network coupled 
to at least one other communication network, said communication optionally including a 
domain identifier associated with a domain on said at least one other communication 
network; 

determining whether said subscriber is authorized to access said domain based upon said 
domain identifier and a list of authorized domains for a virtual circuit used to receive 
said communication; 

authorizing subscriber access to said domain when said domain identifier is included in said 
list. 

/ 

15. (Original) The program storage device of claim 14, further comprising terminating said 
communication when said domain identifier is not included in said list. 

/ 

16. (Original) The program storage device of claim 14 wherein said communication comprises a 
Point-to-Point Protocol (PPP) session. 
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17. (Original) The program storage device of claim 16 wherein 
said PPP session comprises a tunneling session; 

said determining further comprises assigning a tunnel ID; and 
said PPP session is forwarded onto a tunnel associated with said tunnel ID when said 
subscriber is authorized to access said domain. 

18. (Original) The program storage device of claim 17 wherein said tunneling session comprises 
an L2TP session. 

19. (Original) The program storage device of claim 18 wherein said determining further 
comprises: 

issuing an authorized domain list request including a virtual circuit identifier; 
receiving an authorized domain list that includes authorized domains for said identifier; 
indicating said domain is unauthorized when said domain name is not in said domain list; 
indicating said domain is authorized when said domain name is in said domain list; 
issuing a tunnel ID request including said domain name when said domain name is 

authorized; and 
receiving a tunnel ID. 

20. (Original) The program storage device of claim 19 wherein 

said authorized domain list request is serviced by an AAA server; and 
an AAA server services said tunnel ID request. 
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21. (Original) The program storage device of claim 19 wherein said virtual circuit identifier 
comprises a VP I/VCI identifier. 

22. (Original) The program storage device of claim 18 wherein said determining further 
comprises: 

issuing a tunnel ID request including said domain name and a virtual circuit identifier; and 
receiving a tunnel ID. 

23. (Original) The program storage device of claim 22 wherein an AAA server services said 
tunnel ID request. 

24. (Original) The program storage device of claim 22 wherein said virtual circuit identifier 
comprises a VP I/VCI identifier. 

25. (Original) The program storage device of claim 18 wherein said determining further 
comprises: 

performing a table lookup based on a virtual circuit identifier to obtain an authorized domain 
list that includes authorized domains for said virtual circuit identifier; 

indicating said domain is unauthorized when said domain name is not in said authorized 
domain list; 

indicating said domain is authorized when said domain name is in said authorized domain 
list; and 
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performing a table lookup based on said domain name to obtain a tunnel E) when said 
domain name is authorized. 

26. (Original) The program storage device of claim 25 wherein said virtual circuit identifier 
comprises a VP I/VCI identifier. 

27. (Original) An apparatus for controlling subscriber access in a network capable of 
establishing connections with a plurality of domains, the apparatus comprising: 
means for receiving a communication from a subscriber using a first communication 

network coupled to at least one other communication network, said communication 

optionally including a domain identifier associated with a domain on said at least one 

other communication network; 
means for determining whether said subscriber is authorized to access said domain based 

upon said domain identifier and a list of authorized domains for a virtual circuit used to 

receive said communication; 
means for authorizing subscriber access to said domain when said domain identifier is 

included in said list. 

28. (Original) The apparatus of claim 27, further comprising means for terminating said 
communication when said domain identifier is not included in said list. 

29. (Original) The apparatus of claim 27 wherein said communication comprises a Point-to- 
Point Protocol (PPP) session. 
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30. (Original) The apparatus of claim 29 wherein 
said PPP session comprises a tunneling session; 

said determining further comprises means for assigning a tunnel ID; and 
said PPP session is forwarded onto a tunnel associated with said tunnel ID when said 
subscriber is authorized to access said domain. 

3 1 . (Original) The apparatus of claim 30 wherein said tunneling session comprises an L2TP 
session. 

32. (Currently Amended) The apparatus of claim 31 29 wherein said determining further 
comprises: 

means for issuing an authorized domain list request including a virtual circuit identifier; 
means for receiving an authorized domain list that includes authorized domains for said 
identifier; 

means for indicating said domain is unauthorized when said domain name is not in said 
domain list; 

means for indicating said domain is authorized when said domain name is in said domain 
list; 

means for issuing a tunnel ID request including said domain name when said domain name 

is authorized; and 
means for receiving a tunnel ID. 
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33. (Original) The apparatus of claim 32 wherein 

said authorized domain list request is serviced by an AAA server; and 
an AAA server services said tunnel ID request. 



34. (Original) The apparatus of claim 32 wherein said virtual circuit identifier comprises a 
VPWCI identifier. 



35. (Original) The apparatus of claim 31 wherein said determining further comprises: 
means for issuing a tunnel ID request including said domain name and a virtual circuit 

identifier; and 
means for receiving a tunnel ID. 



36, (Original) The apparatus of claim 35 wherein an AAA server services said tunnel ID 
request. 



37. (Original) The apparatus of claim 35 wherein said virtual circuit identifier comprises a 
VPWCI identifier. 



38. (Original) The apparatus of claim 31 wherein said determining further comprises: 
means for performing a table lookup based on a virtual circuit identifier to obtain an 
authorized domain list that includes authorized domains for said virtual circuit 
identifier; 
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means for indicating said domain is unauthorized when said domain name is not in said 
authorized domain list; 

means for indicating said domain is authorized when said domain name is in said authorized 
domain list; and 

means for performing a table lookup based on said domain name to obtain a tunnel ID when 
said domain name is authorized. 

39. (Original) The apparatus of claim 38 wherein said virtual circuit identifier comprises a 
VPI/VCI identifier. 

40. (Original) An access server capable of forcing subscribers of a communications system to 
gain access exclusively to a domain network associated with a virtual circuit, said access 
server comprising: 

an authorized domain list request generator capable of generating an authorized domain list 
request including a virtual circuit identifier associated with a virtual circuit used to 
accept a PPP session authentication request, said PPP session authentication request 
including a domain identifier; 

an assessor capable of determining whether said domain identifier is in said domain list; 

a tunnel TD request generator capable of generating a tunnel ID' request including said 



an authorizer capable of granting users domain access based upon said authorized domain 
list. 



domain identifier; and 



/ 
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41. (Original) The access server of claim 40, further comprising: 

a first receiving interface capable of accepting said PPP session authentication request; 
a first forwarding interface capable of sending said authorized domain list request to an 
AAA server; 

a second receiving interface capable of accepting a requested authorized domain list; a 
second forwarding interface capable of sending said tunnel ID request to an AAA 
server; 

a third receiving interface capable of accepting a requested tunnel ID; and 
a third forwarding interface capable of forwarding said PPP session on a tunneling session 
associated with said tunnel ID. 

42. (Original) The access server of claim 40 wherein said tunneling session comprises an L2TP 
session. 

43. (Original) The access server of claim 42 wherein said virtual circuit identifier comprises a 
Virtual Path Identifier (VPI) / Virtual Channel Identifier (VCI). 

44. (Original) The access server of claim 43 wherein said first receiving interface comprises at 
least one access multiplexer, each access multiplexer having a plurality of inputs for 
receiving a service request, each of said inputs being associated with a particular subscriber 
virtual circuit. 
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45. (Original) The access server of claim 41 wherein said AAA server and said access server 
communicate using the Remote Authorization Dial-In User Service (RADIUS) protocol. 

46. (Original) An access server capable of forcing subscribers of a communications system to 
gain access exclusively to a domain network associated with a virtual circuit, said access 
server comprising: 

a tunnel ID request generator capable of generating a tunnel ID request, said tunnel ID 
request including a virtual circuit identifier associated with a virtual circuit used to 
accept a PPP authentication request; and 

an authorizer capable of granting users domain access based upon a list of authorized 
domains for said virtual circuit. 

47. (Original) The access server of claim 46, further comprising: 

a first receiving interface capable of accepting said PPP session authentication request, said 
PPP session authentication request including a domain identifier; 

a first forwarding interface capable of sending said tunnel ID request to an AAA server; 

a second receiving interface capable of accepting a requested tunnel ID; and 

a second forwarding interface capable of forwarding said PPP session on a tunneling session 
associated with said tunnel ID. 

48. (Original) The access server of claim 47 wherein said tunneling session comprises an L2TP 
session. 
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49. (Original) The access server of claim 48 wherein said virtual circuit identifier comprises a 
Virtual Path Identifier (VPI) / Virtual Channel Identifier (VCI). 

50. (Original) The access server of claim 46 wherein said first receiving interface comprises at 
least one access multiplexer, each access multiplexer having a plurality of inputs for 
receiving a service request, each of said inputs being associated with a particular subscriber 
virtual circuit. 

51. (Original) The access server of claim 47 wherein said AAA server and said access server 
communicate using the Remote Authorization Dial-In User Service (RADIUS) protocol. 

52. (Original) An access server capable of forcing subscribers of a communications system to 
gain access exclusively to a domain network associated with a virtual circuit, said access 
server comprising: 

a memory device capable of storing a domain list table and a tunnel ID table, said domain 
list table including a plurality of virtual circuit identifiers and associated domain 
identifiers, said tunnel ID table including a plurality of domain names and associated 
tunnel IDs; 

an authorized domain list determiner capable of determining an authorized domain list based 
upon said domain list table and a domain identifier within a PPP authentication request, 
said PPP authentication request received on a virtual circuit having a virtual circuit 
identifier; 

an assessor capable of determining whether said domain identifier is in said domain list; 
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a tunnel ID determiner capable of determining a tunnel ID based upon said tunnel ID table 

and said domain identifier; and 
an authorizer capable of granting subscribers domain access based upon said authorized 

domain list. 



53. (Currently Amended) The access server of claim 52 further comprising: 

a receiving interface capable of accepting said PPP session authentication request; and 
a forwarding interface capable of forwarding said PPP session on a tunneling session 
associated with said tunnel ID. 

54. (Original) The access server of claim 53 wherein said tunneling session comprises an L2TP 
session. 

55. (Original) The access server of claim 54 wherein said virtual circuit identifier comprises a 
Virtual Path Identifier (VPI) / Virtual Channel Identifier (VCI). 

56. (Original) The access server of claim 52 wherein said first receiving interface comprises at 
least one access multiplexer, each access multiplexer having a plurality of inputs for 
receiving a service request, each of said inputs being associated with a particular subscriber 
virtual circuit. 

57. (New) A method for controlling subscriber access in a network capable of establishing 
connections with a plurality of domains, comprising: 
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receiving an L2TP session from a subscriber using a first communication network coupled to 
at least one other communication network, said L2TP session optionally including a 
domain identifier associated with a domain on said at least one other communication 
network; 

determining whether said subscriber is authorized to access said domain based upon said 
domain identifier and a list of authorized domains for a virtual circuit used to receive 
said L2TP session, said determining comprising: 

issuing an authorized domain list request including a virtual circuit identifier; 
receiving an authorized domain list that includes authorized domains for said identifier; 
indicating said domain is unauthorized when said domain name is not in said domain 
list; 

indicating said domain is authorized when said domain name is in said domain list; 
issuing a tunnel ID request including said domain name when said domain name is 

authorized; 
receiving a tunnel ID; and 
assigning said tunnel ID; and 
authorizing subscriber access to said domain when said domain identifier is included in said 
list, wherein said L2TP session is forwarded onto a tunnel associated with said tunnel 
ID when said subscriber is authorized to access said domain. 

(New) The method of claim 57 wherein 

said authorized domain list request is serviced by an AAA server; and 
an AAA server services said tunnel ID request. 
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59. (New) The method of claim 57 wherein said virtual circuit identifier comprises a VPI/VCI 
identifier. 

60. (New) A method for controlling subscriber access in a network capable of establishing 
connections with a plurality of domains, comprising: 

receiving an L2TP session from a subscriber using a first communication network coupled to 
at least one other communication network, said L2TP session optionally including a 
domain identifier associated with a domain on said at least one other communication 
network; 

determining whether said subscriber is authorized to access said domain based upon said 
domain identifier and a list of authorized domains for a virtual circuit used to receive 
said L2TP session, said determining comprising: 

performing a table lookup based on a virtual circuit identifier to obtain an authorized 
domain list that includes authorized domains far said virtual circuit identifier; 

indicating said domain is unauthorized when said domain name is not in said authorized 
domain list; 

indicating said domain is authorized when said domain name is in said authorized 
domain list; 

performing a table lookup based on said domain name to obtain a tunnel ID when said 
domain name is authorized; and 
assigning said tunnel ID; and 
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authorizing subscriber access to said domain when said domain identifier is included in said 
list, wherein said L2TP session is forwarded onto a tunnel associated with said tunnel 
ED when said subscriber is authorized to access said domain. 

61 . (New) The method of claim 60 wherein said virtual circuit identifier comprises a VPLVCI 
identifier. 

62. (New) A program storage device readable by a machine, embodying a program of 
instructions executable by the machine to perform a method to control subscriber access in a 
network capable of establishing connections with a plurality of domains, the method 
comprising: 

receiving an L2TP session from a subscriber using a first communication network coupled to 
at least one other communication network, said L2TP session optionally including a 
domain identifier associated with a domain on said at least one other communication 
network; 

determining whether said subscriber is authorized to access said domain based upon said 
domain identifier and a list of authorized domains for a virtual circuit used to receive 
said L2TP session, said determining comprising: 

issuing an authorized domain list request including a virtual circuit identifier; 
receiving an authorized domain list that includes authorized domains for said identifier; 
indicating said domain is unauthorized when said domain name is not in said domain 
list; 

indicating said domain is authorized when said domain name is in said domain list; 
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issuing a tunnel ID request including said domain name when said domain name is 

authorized; 
receiving a tunnel ID; and 
assigning said tunnel ID; and 
authorizing subscriber access to said domain when said domain identifier is included in said 
list, wherein said L2TP session is forwarded onto a tunnel associated with said tunnel 
ID when said subscriber is authorized to access said domain. 

63. (New) The method of claim 62 wherein 

said authorized domain list request is serviced by an AAA server; and 
an AAA server services said tunnel ID request. 

64. (New) The method of claim 62 wherein said virtual circuit identifier comprises a VPI/VCI 
identifier. 

65. (New) A program storage device readable by a machine, embodying a program of 
instructions executable by the machine to perform a method to control subscriber access in a 
network capable of establishing connections with a plurality of domains, the method 
comprising: 

receiving an L2TP session from a subscriber using a first communication network coupled to 
at least one other communication network, said L2TP session optionally including a 
domain identifier associated with a domain on said at least one other communication 
network; 
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determining whether said subscriber is authorized to access said domain based upon said 
domain identifier and a list of authorized domains for a virtual circuit used to receive 
said L2TP session, said determining comprising: 

performing a table lookup based on a virtual circuit identifier to obtain an authorized 
domain list that includes authorized domains far said virtual circuit identifier; 

indicating said domain is unauthorized when said domain name is not in said authorized 
domain list; 

indicating said domain is authorized when said domain name is in said authorized 
domain list; 

performing a table lookup based on said domain name to obtain a tunnel ID when said 

domain name is authorized; and 

assigning said tunnel ID; and 
authorizing subscriber access to said domain when said domain identifier is included in said 
list, wherein said L2TP session is forwarded onto a tunnel associated with said tunnel 
ED when said subscriber is authorized to access said domain. 



,66. (New) The method of claim 65 wherein said virtual circuit identifier comprises a VPI/VCI 
identifier. 

67. (New) An apparatus for controlling subscriber access in a network capable of establishing 
connections with a plurality of domains, comprising: 

means for receiving an L2TP session from a subscriber using a first communication network 
coupled to at least one other communication network, said L2TP session optionally 
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including a domain identifier associated with a domain on said at least one other 
communication network; 
means for determining whether said subscriber is authorized to access said domain based 
upon said domain identifier and a list of authorized domains for a virtual circuit used to 
receive said L2TP session, said means for determining comprising: 
means for issuing an authorized domain list request including a virtual circuit identifier; 
means for receiving an authorized domain list that includes authorized domains for said 
identifier; 

means for indicating said domain is unauthorized when said domain name is not in said 
domain list; 

means for indicating said domain is authorized when said domain name is in said 
domain list; 

means for issuing a tunnel ID request including said domain name when said domain 

name is authorized; 
means for receiving a tunnel ED; and 
means for assigning said tunnel ID; and 
means for authorizing subscriber access to said domain when said domain identifier is 
included in said list, wherein said L2TP session is forwarded onto a tunnel associated 
with said tunnel ID when said subscriber is authorized to access said domain. 

68. (New) The method of claim 67 wherein 

said authorized domain list request is serviced by an AAA server; and 
an AAA server services said tunnel ID request. 
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69. (New) The method of claim 67 wherein said virtual circuit identifier comprises a VPI/VCI 
identifier. 

70. (New) An apparatus for controlling subscriber access in a network capable of establishing 
connections with a plurality of domains, comprising: 

means for receiving an L2TP session from a subscriber using a first communication network 
coupled to at least one other communication network, said L2TP session optionally 
including a domain identifier associated with a domain on said at least one other 
communication network; 

means for determining whether said subscriber is authorized to access said domain based 
upon said domain identifier and a list of authorized domains for a virtual circuit used to 
receive said L2TP session, said means for determining comprising: 
means for performing a table lookup based on a virtual circuit identifier to obtain an 
authorized domain list that includes authorized domains far said virtual circuit 
identifier; 

means for indicating said domain is unauthorized when said domain name is not in said 

authorized domain list; 
means for indicating said domain is authorized when said domain name is in said 

authorized domain list; 
means for performing a table lookup based on said domain name to obtain a tunnel ID 

when said domain name is authorized; and 

assigning said tunnel DD; and 
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means for authorizing subscriber access to said domain when said domain identifier is 
included in said list, wherein said L2TP session is forwarded onto a tunnel associated 
with said tunnel ID when said subscriber is authorized to access said domain. 



(New) The method of claim 70 wherein said virtual circuit identifier comprises a VP I/VCI 
identifier. 
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